memfd-util: set F_SEAL_EXEC flag if supported

author: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-05-16 18:50:39 +0900
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-05-16 18:50:39 +0900
commit: 52e2672af21827102a3192bd5e9b75070bc72297 (patch)
tree: 94e2b07b3260cf0735e95481fcb299972279d19f /src
parent: 17915ea5b3d11790a8bd1f09335aa10bdf3c2a96 (diff)
download: systemd-52e2672af21827102a3192bd5e9b75070bc72297.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c
index 3e99ab0480..8e6946642b 100644
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@@ -92,9 +92,15 @@ int memfd_map(int fd, uint64_t offset, size_t size, void **p) {
 }
 
 int memfd_set_sealed(int fd) {
+        int r;
+
         assert(fd >= 0);
 
-        return RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL));
+        r = RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_EXEC | F_SEAL_SEAL));
+        if (r == -EINVAL) /* old kernel ? */
+                r = RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL));
+
+        return r;
 }
 
 int memfd_get_sealed(int fd) {
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-05-16 18:50:39 +0900
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-05-16 18:50:39 +0900
commit	52e2672af21827102a3192bd5e9b75070bc72297 (patch)
tree	94e2b07b3260cf0735e95481fcb299972279d19f /src
parent	17915ea5b3d11790a8bd1f09335aa10bdf3c2a96 (diff)
download	systemd-52e2672af21827102a3192bd5e9b75070bc72297.tar.gz